Data brokers mine a treasure trove of personal, locational and transactional data to paint a picture of an individual’s life. Tastes in books or music, hobbies, dating preferences, political or religious leanings, and personality traits are all packaged and sold by data brokers to a range of industries, chiefly banks and insurers, retailers, telecoms, media companies and even governments. The European Commission forecasts the data market in Europe could be worth as much as €106.8bn by 2020.

“The explosive growth of online data has led to the emergence of the super data broker — the ‘privacy deathstars’, such as Oracle, Nielsen and Salesforce, that provide one-stop shopping for hundreds of different data points which can be added into a single person’s file,” says Jeffrey Chester, executive director of the Center for Digital Democracy based in Washington. “As a result, everyone now is invisibly attached to a living, breathing database that tracks their every move.”

Over the past five years, the data broker industry expanded aggressively in what amounted to a virtual regulatory vacuum. The rise of internet-connected devices has fuelled an enhanced industry of “cross-device tracking” that matches people’s data collected from across their smartphones, tablets, televisions and other connected devices. It can also connect people’s behaviours in the real world with what they are doing online.

The reluctance in virtually every country to restrict the purchase and sharing of user data without explicit consent is a complete regulatory failure. Nobody would tolerate someone asking them to submit a list daily of everything they’ve bought, every page they’ve seen online, every ad they’ve viewed, and everywhere they’ve been — not because that would be a lot of work, but because it would feel invasive. There shouldn’t be a “data market” at all.